Steven M. Bellovin wrote:

> In principle, this is a fine idea.  In practice, figuring out the right 
> set of bits is non-trivial.  It's not a direct analogy, but SGI has 48 
> different privileges that a process can have.

let's not over-complicate things just yet: the idea is about separating
the *securelevel* stuff and not creating per-process knobs.

how is the above non-trivial?

-e.

-- 
Elad Efrat